I have a REST API built using Java JAX-RS. The API will be exposed to the public and is protected by OAuth 2.0.
I plan to use this API from internal projects I am building, and because it is my API, I don't expect the user to authorise me to make calls to this API.
Right now, I am using filters to check the access token and validate it against my OAuth provider. A sample of the configuration:
<!-- Exposing the facility service as a REST service -->
<jaxrs:server id="restContainer" address="/">
    <jaxrs:serviceBeans>
        <!-- .. services beans -->
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <!-- filter to validate oauth -->
        <ref bean="oauthFilter"/>
        <!-- filter to check api usage (integrated with 3scale) -->
        <ref bean="apiUsageFilter"/>
        <ref bean="jacksonProvider" />
        <ref bean="exceptionMapper" />
    </jaxrs:providers>
    <jaxrs:extensionMappings>
        <entry key="json" value="application/json" />
        <entry key="xml" value="application/xml" />
        <entry key="html" value="text/html" />
    </jaxrs:extensionMappings>
    <jaxrs:features>
        <bean class="org.apache.cxf.feature.LoggingFeature"/>
    </jaxrs:features>
</jaxrs:server>
I am wondering if I can implement a new filter to check the origin of the call: if it is among the listed IP(s)/domain(s), then bypass OAuth; if not, then proceed with OAuth.
Is that approach possible? Would it be good practice? Pros and cons?
Thanks!
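
An added example, not part of the original post: one way the origin check described in the question could decide whether to skip OAuth validation, by matching the connection's peer address against an allowlist of CIDR ranges. The class name, method names and sample addresses are assumptions, it matches IP addresses only, and wiring it into the CXF filter chain is not shown.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added example; class, method names and addresses are hypothetical.
public class TrustedOriginCheck {

    // Constructed sample allowlist of internal ranges (CIDR notation).
    private static final String[] TRUSTED = {"10.20.0.0/16", "192.168.5.10/32"};

    /** True if the IP literal addr lies inside the CIDR block. */
    static boolean inCidr(String addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] ip = InetAddress.getByName(addr).getAddress();
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        int prefix = Integer.parseInt(parts[1]);
        // An IPv4 peer never matches an IPv6 range (and vice versa).
        if (ip.length != net.length || prefix < 0 || prefix > net.length * 8) {
            return false;
        }
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((ip[bit / 8] & mask) != (net[bit / 8] & mask)) {
                return false;
            }
        }
        return true;
    }

    /**
     * peerAddr should be the socket peer (HttpServletRequest.getRemoteAddr()),
     * not a client-supplied header such as X-Forwarded-For.
     */
    static boolean mayBypassOAuth(String peerAddr) {
        if (peerAddr == null || peerAddr.isEmpty()) return false; // getByName("") is loopback
        try {
            for (String cidr : TRUSTED) {
                if (inCidr(peerAddr, cidr)) return true;
            }
        } catch (UnknownHostException | RuntimeException e) {
            // Fail closed: any parsing problem means the OAuth filter still runs.
        }
        return false;
    }

    public static void main(String[] args) {
        String[] peers = {"10.20.3.7", "192.168.5.10", "192.168.5.11", "203.0.113.9", "2001:db8::1"};
        for (String peer : peers) {
            System.out.println(peer + " -> " + (mayBypassOAuth(peer) ? "bypass OAuth" : "validate token"));
        }
    }
}
```

Behind a reverse proxy or load balancer, the peer address is the proxy's own, so every request would appear to come from the same origin unless the proxy's forwarded address is explicitly trusted.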